Clear, consistent mapping of third-party service relationships can support financial institutions' effective monitoring and management of third-party risks. It can also provide useful data for financial authorities to identify systemic third-party dependencies and related potential systemic risks (see Chapter 4).

Financial institutions may:

- Keep a full, up-to-date, register of their third-party service relationships that identifies the criticality of different services;

- Make the register, or parts thereof, available to financial authorities periodically [This and other information could be provided to financial authorities confidentially, as appropriate, in order to avoid risks potentially arising from public disclosure.], upon request or in specific circumstances, such as (i) a new or proposed arrangement or (ii) a significant change to an existing arrangement for the provision of critical services; and

- As part of their operational resilience framework, map the necessary dependencies and interconnections for the delivery of their operations supporting critical services, including those dependent on intra-group arrangements and service providers.

Financial authorities may have different current and evolving expectations as to what specific information financial institutions should set out in such registers. However, this information could include elements such as: